[
https://issues.apache.org/jira/browse/CASSANDRA-7585?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14097146#comment-14097146
]
Yuki Morishita commented on CASSANDRA-7585:
-------------------------------------------
bq. Could we make it possible to state the server_encryption_options on the
command line as well as via the config? The command will look horrible...
That's why I added option to load yaml file. I could add 8 more command line
options for server encryption but it seems redundant. I'd rather deprecate the
current way of setting client encryption options.
I think I can highlight this more in help string.
Will update with other nits fixed.
> cassandra sstableloader connection refused with inter_node_encryption
> ---------------------------------------------------------------------
>
> Key: CASSANDRA-7585
> URL: https://issues.apache.org/jira/browse/CASSANDRA-7585
> Project: Cassandra
> Issue Type: Bug
> Components: Core, Tools
> Reporter: Samphel Norden
> Assignee: Yuki Morishita
> Fix For: 2.0.10, 2.1.1
>
> Attachments: 7585-2.0.txt
>
>
> cassandra sstableloader connection refused with inter_node_encryption
> When using sstableloader to import tables (cassandra 2.0.5) with inter-node
> encryption and client encryption enabled, I get a connection refused error
> I am using
> sstableloader -d $myhost -p 9160 -u cassandra -pw cassandra -ciphers
> TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
> -st JKS -tf org.apache.cassandra.thrift.SSLTransportFactory -ts
> /path/to/truststore -tspw <passwd> $fullpath/$table
> Errors out with
> Streaming session ID: 1bc395c0-fbb2-11e3-9812-73da15121373
> WARN 17:13:34,147 Failed attempt 1 to connect to
> Similar problem reported in cassandra 2.0.8 by another user
> http://stackoverflow.com/questions/24390604/cassandra-sstableloader-connection-refused-with-inter-node-encryption
> ==================
> Relevant cassandra.yaml snippet (with obfuscation)
> server_encryption_options:
>
> internode_encryption: all
>
> keystore:/path/to/keystore
>
> keystore_password: <passwd>
>
> truststore:/path/to/truststore
>
> truststore_password:<passwd>
>
> # More advanced defaults below:
>
> protocol: TLS
>
> algorithm: SunX509
>
> store_type: JKS
>
> cipher_suites:
> [TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA]
>
> require_client_auth: true
>
>
>
> # enable or disable client/server encryption.
>
> client_encryption_options:
>
> enabled: true
>
> keystore: /path/to/keystore
>
> keystore_password: <truststorepasswd>
>
> #require_client_auth: true
>
> # Set trustore and truststore_password if require_client_auth is true
>
> truststore:/path/to/truststore
>
> truststore_password: <truststorepasswd>
>
> # More advanced defaults below:
>
> protocol: TLS
>
> algorithm: SunX509
>
> store_type: JKS
>
> cipher_suites:
> [TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA]
>
> ======================
> Note that by setting inter-node encryption to "none" sstableloader works..
> but setting it to "all" fails... It seems like sstableloader uses 7000 is my
> guess instead of using the ssl port 7001 for streaming/gossip.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
